According to the global payment provider Visa, 2022 became a record-breaking year for cryptocurrency thefts, with over $3 billion stolen in on-chain exploits. Cryptocurrency bridge services were a favored target for threat actors.
Visa published the biannual threats report on March 20. The document contains data on all sorts of violations occurring globally in the digital payments system last year — from plastic card fraud schemes to malware. A separate section is dedicated to cryptocurrency and digital platforms.
It pays particular attention to the vulnerability of token bridges. Commonly, fraudsters exploit a bridge service’s smart contracts to either forge new transactions or allow for the approval of unauthorized transactions. The total amount of funds stolen via token bridges totals $2 billion from January through early October 2022.
The report also mentions a crypto-focused phishing campaign, whose actors were impersonating a crypto exchange in emails to harvest the victim’s account login data. Once the real exchange prompts the threat actor for the two-factor authentication (2FA), they would use the spoofed site to prompt the victim to enter their 2FA information, using the real 2FA from the spoofed site to complete the login process.
In February, it was reported that, along with its competitor Mastercard, Visa would delay the launch of new partnerships with crypto firms due to high-profile bankruptcies in the industry. However, Cuy Sheffield, head of product at Visa, called the report inaccurate and reassured that Visa would “continue to partner with crypto companies to improve fiat on and off-ramps,” and “build new products that can facilitate stablecoin payments.”
On Feb. 20, the Bitcoin market cap flipped the market cap of Visa for the third time in history. By March 14, the gap between the two reached more than $20 billion in favor of BTC.